US20080276299A1 - Wireless terminal apparatus and method of protecting system resources - Google Patents
Wireless terminal apparatus and method of protecting system resources Download PDFInfo
- Publication number
- US20080276299A1 US20080276299A1 US12/034,923 US3492308A US2008276299A1 US 20080276299 A1 US20080276299 A1 US 20080276299A1 US 3492308 A US3492308 A US 3492308A US 2008276299 A1 US2008276299 A1 US 2008276299A1
- Authority
- US
- United States
- Prior art keywords
- domain
- terminal apparatus
- wireless terminal
- data information
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/26—Power supply means, e.g. regulation thereof
- G06F1/32—Means for saving power
- G06F1/3203—Power management, i.e. event-based initiation of a power-saving mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/26—Power supply means, e.g. regulation thereof
- G06F1/32—Means for saving power
- G06F1/3203—Power management, i.e. event-based initiation of a power-saving mode
- G06F1/3234—Power saving characterised by the action undertaken
- G06F1/3287—Power saving characterised by the action undertaken by switching off individual functional units in the computer system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/81—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/086—Access security using security domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/125—Protection against power exhaustion attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Definitions
- the present invention relates to a wireless terminal apparatus such as a mobile phone, and more particularly to a wireless terminal apparatus and a method of protecting system resources of the wireless terminal apparatus from malicious software (“malware”) attack to guarantee safe security services in a wireless environment.
- malicious software malicious software
- a wireless terminal apparatus such as a mobile phone, provides diverse information services in a wireless environment.
- FIG. 1 is a block diagram illustrating the construction of a related art wireless terminal apparatus.
- the related art terminal apparatus includes a domain unit 10 provided with one operating system (OS) 11 and applications 12 , and a system resource unit 20 provided with a ROM, a central processing unit (CPU), a memory, a battery, an input/output (I/O) device, and so forth.
- applications 12 including voice call, banking, trading, digital rights management (DRM), and so forth, are driven by one operating system 11 .
- all applications 12 are operated by one operating system 11 irrespective of the degree of security, and thus, if malicious software is installed in the wireless terminal apparatus without the user's knowledge in a wireless environment, wireless data information and system resources of the wireless terminal apparatus cannot be protected from malware attack, and safe security services cannot be guaranteed.
- the malware consumes battery power of the wireless terminal apparatus to make important services unusable. Also, when a received message, such as a Short Message Service (SMS)/Multimedia Messaging Service (MMS) message that includes malware, is executed, the whole system is damaged, hindering the availability of the wireless terminal apparatus.
- SMS Short Message Service
- MMS Multimedia Messaging Service
- the malware can monitor the contents of the memory before the performance of the encryption or decryption, and thus the user's secret data may flow out.
- Exemplary embodiments of the present invention overcome the above disadvantages and other disadvantages not described above. Also, the present invention is not required to overcome the disadvantages described above, and an exemplary embodiment of the present invention may not overcome any of the problems described above.
- An aspect of the present invention provides a wireless terminal apparatus, which includes a domain unit having a first domain driving a first application that is very safe and a second domain separated from the first domain and driving a second application that is weak in safety; a system resource unit composed of hardware of the wireless terminal apparatus; and a control unit controlling an operation of the domain unit that accesses the system resource unit.
- Another aspect of the present invention provides a method of protecting system resources for a wireless terminal apparatus, which includes (a) calculating a current amount of battery power used for a second domain, which is separated from a first domain driving an application that requires safety and drives a general application that is weak in safety, and a current remaining amount of battery power of the wireless terminal apparatus; (b) interrupting the driving of the second domain if the current remaining amount of battery power of the wireless terminal apparatus calculated at the step (a) is below a minimum reference value for stably driving an important service; and (c) gradually reducing an amount of CPU usage of the second domain if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for the second domain is above a maximum reference value.
- FIG. 1 is a block diagram illustrating the construction of a related art wireless terminal apparatus
- FIG. 2 is a block diagram illustrating the construction of a wireless terminal apparatus according to an exemplary embodiment of the present invention
- FIG. 3 is a flowchart explaining a method of processing malware attack against a battery in a wireless terminal apparatus according to an exemplary embodiment of the present invention
- FIG. 4 is a flowchart explaining a method of performing at least one of encryption and decryption in a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- FIG. 5 is a flowchart explaining a method of performing SMS/MMS data backup in a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- FIG. 2 is a block diagram illustrating the construction of a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- the wireless terminal apparatus includes a domain unit 100 , a system resource unit 200 , a control unit 300 , and so forth.
- the domain unit 100 is an environment in which applications are operated by corresponding operating systems (OS).
- the domain unit 100 includes first, second, and third domains 110 , 120 , and 130 .
- the second domain 120 is separated from the first domain 110 , and downloads a second application 121 , which is somewhat weak in safety and may be attacked by malware, from a general wireless internet server to install the downloaded second application 121 .
- the second operating system (OS 2 ) 122 executes the second application 121 .
- the second application 121 includes applications for providing services such as SMS/MMS, user APP, and so forth.
- the third domain 130 is separated from the first and second domains 110 and 120 , and makes a backup of important data information of the second domain 120 in order to prevent the important data information from being deleted or changed due to the execution of malware included in the second application 121 .
- the third domain 130 only performs the data backup without executing the backup data information.
- the system resource unit 200 is composed of hardware of the wireless terminal apparatus.
- the system resource unit 200 includes a ROM 210 , a CPU 220 , a memory 230 , a battery 240 , an input/output (I/O) device 250 , and so forth.
- the ROM 210 is a storage region that cannot be illegally changed by a user or system.
- the memory 230 is a storage device in which wireless data information is stored, and includes a nonvolatile memory, for example, a flash memory.
- the memory has a plurality of storage regions in which diverse kinds of wireless data information are dividedly stored according to their kinds and security. Important data information may be encrypted and the encrypted information may be stored in a specified storage region among the storage regions.
- the control unit 300 controls the operation of the domain unit 100 using a virtual machine monitor (VMM) so that the domain unit 100 can access the system resource unit 200 .
- VMM virtual machine monitor
- the control unit 300 is provided with an access control module 310 and an encryption module 320 .
- the access control module 310 controls the operation of the second domain 120 that accesses the system resource unit 200 in order to react to the malware attack against the system resource unit 200 .
- the access control module 310 interrupts the driving of the second domain 120 if the current remaining amount of battery power of the wireless terminal apparatus is below a minimum reference value for stably driving an important service.
- the access control module 310 gradually reduces the amount of CPU usage of the second domain 120 if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for the second domain 120 is above a maximum reference value.
- the minimum reference value and the maximum reference value are reference values predefined during the setting of the wireless terminal apparatus.
- the encryption module 320 performs encryption and decryption of the important data information being input from the first and second domains 110 and 120 to the system resource unit 200 .
- the encryption module 320 performs encryption, decryption, and electronic signature of the important data information using VMM in the case where the wireless terminal apparatus does not support a hardwired encryption function.
- FIG. 3 is a flowchart explaining a method of processing malware attack against a battery in a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- the wireless terminal apparatus guarantees the availability of the battery 240 by managing the corresponding domain.
- the malware included in the second application 121 of the second domain 120 attacks the battery 240 of the system resource unit 200
- the current amount of battery power used for the second domain 12 and the current remaining amount of battery power of the wireless terminal apparatus are calculated S 101 .
- the driving of the second domain 120 is interrupted S 103 , and the malware attack against the battery 240 is reported to the user S 104 .
- the amount of CPU usage of the second domain 120 is kept within the maximum reference value S 106 by gradually reducing the amount of CPU usage of the second domain 120 .
- the battery consumption is in close relation to the amount of CPU usage.
- FIG. 4 is a flowchart explaining a method of performing at least one of encryption and decryption in a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- encryption/decryption of the important data information which is input from the first and second domains 110 and 120 to the system resource unit 200 that is composed of hardware of the wireless terminal apparatus, is performed, and thus, security is improved.
- data information for encryption, decryption, and electronic signature is input from the first and second domains 110 and 120 S 201 . Then, it is confirmed whether the wireless terminal apparatus supports hardwired encryption operation of the input data information S 202 . If the wireless terminal apparatus supports the hardwired encryption operation, the encryption operation is performed through high-speed hardware S 203 , while if not, a software encryption operation is performed through the control unit 300 using VMM S 204 . Then, the encrypted data information is returned to the respective domains 110 and 120 requesting the encrypted data information S 205 .
- FIG. 5 is a flowchart explaining a method of performing SMS/MMS data backup in a wireless terminal apparatus according to an exemplary embodiment of the present invention.
- the SMS/MMS message is stored as a backup in the third domain 130 that is separated from the first and second domains 110 and 120 in order to prevent the SMS/MMS message from being deleted or changed due to the execution of the malware included in the SMS/MMS message.
- the second domain 120 receives and executes the SMS/MMS message S 301 , and then transmits the received SMS/MMS message to the third domain 130 , so that the third domain 130 stores the transmitted SMS/MMS message S 302 .
- the third domain 130 in order to minimize the damage of the system when the SMS/MMS including the malware is executed and to perform data restoration, the third domain 130 only stores the backup data information without executing the backup data information.
- the wireless terminal apparatus and the method of protecting system resources according to the exemplary embodiments of the present invention have one or more effects as follows.
- the security of the wireless terminal apparatus may be improved.
- the availability of the wireless terminal apparatus may be increased.
- the important data information is prevented from being deleted or changed due to the execution of malware included in the general applications.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
A wireless terminal apparatus is provided, which includes a domain unit having a first domain which drives a first application and a second domain, separated from the first domain, which drives a second application; a system resource unit composed of hardware of the wireless terminal apparatus; and a control unit which controls an operation of the domain unit that accesses the system resource unit.
Description
- This application claims priority from U.S. Provisional Application No. 60/907,419 filed on Apr. 2, 2007 in the United States Patent and Trademark Office, and Korean Patent Application No. 10-2007-0107421 filed on Oct. 24, 2007 in the Korean Intellectual Property Office, the disclosures of which are incorporated herein in their entirety by reference.
- 1. Field of the Invention
- The present invention relates to a wireless terminal apparatus such as a mobile phone, and more particularly to a wireless terminal apparatus and a method of protecting system resources of the wireless terminal apparatus from malicious software (“malware”) attack to guarantee safe security services in a wireless environment.
- 2. Description of the Related Art
- Generally, a wireless terminal apparatus, such as a mobile phone, provides diverse information services in a wireless environment.
-
FIG. 1 is a block diagram illustrating the construction of a related art wireless terminal apparatus. - As illustrated in
FIG. 1 , the related art terminal apparatus includes adomain unit 10 provided with one operating system (OS) 11 andapplications 12, and asystem resource unit 20 provided with a ROM, a central processing unit (CPU), a memory, a battery, an input/output (I/O) device, and so forth. In the related art terminal apparatus,applications 12 including voice call, banking, trading, digital rights management (DRM), and so forth, are driven by oneoperating system 11. - According to the related art wireless terminal apparatus as described above, however, all
applications 12 are operated by oneoperating system 11 irrespective of the degree of security, and thus, if malicious software is installed in the wireless terminal apparatus without the user's knowledge in a wireless environment, wireless data information and system resources of the wireless terminal apparatus cannot be protected from malware attack, and safe security services cannot be guaranteed. - More specifically, the malware consumes battery power of the wireless terminal apparatus to make important services unusable. Also, when a received message, such as a Short Message Service (SMS)/Multimedia Messaging Service (MMS) message that includes malware, is executed, the whole system is damaged, hindering the availability of the wireless terminal apparatus.
- In addition, when operation such as encryption or decryption is performed in a memory of the wireless terminal apparatus, the malware can monitor the contents of the memory before the performance of the encryption or decryption, and thus the user's secret data may flow out.
- Exemplary embodiments of the present invention overcome the above disadvantages and other disadvantages not described above. Also, the present invention is not required to overcome the disadvantages described above, and an exemplary embodiment of the present invention may not overcome any of the problems described above.
- An aspect of the present invention provides a wireless terminal apparatus, which includes a domain unit having a first domain driving a first application that is very safe and a second domain separated from the first domain and driving a second application that is weak in safety; a system resource unit composed of hardware of the wireless terminal apparatus; and a control unit controlling an operation of the domain unit that accesses the system resource unit.
- Another aspect of the present invention provides a method of protecting system resources for a wireless terminal apparatus, which includes (a) calculating a current amount of battery power used for a second domain, which is separated from a first domain driving an application that requires safety and drives a general application that is weak in safety, and a current remaining amount of battery power of the wireless terminal apparatus; (b) interrupting the driving of the second domain if the current remaining amount of battery power of the wireless terminal apparatus calculated at the step (a) is below a minimum reference value for stably driving an important service; and (c) gradually reducing an amount of CPU usage of the second domain if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for the second domain is above a maximum reference value.
- The above and other features of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
-
FIG. 1 is a block diagram illustrating the construction of a related art wireless terminal apparatus; -
FIG. 2 is a block diagram illustrating the construction of a wireless terminal apparatus according to an exemplary embodiment of the present invention; -
FIG. 3 is a flowchart explaining a method of processing malware attack against a battery in a wireless terminal apparatus according to an exemplary embodiment of the present invention; -
FIG. 4 is a flowchart explaining a method of performing at least one of encryption and decryption in a wireless terminal apparatus according to an exemplary embodiment of the present invention; and -
FIG. 5 is a flowchart explaining a method of performing SMS/MMS data backup in a wireless terminal apparatus according to an exemplary embodiment of the present invention. - Exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The aspects and features of the present invention and methods for achieving the aspects and features will be apparent by referring to the exemplary embodiments to be described in detail with reference to the accompanying drawings. However, the present invention is not limited to the exemplary embodiments disclosed hereinafter, but can be implemented in diverse forms. The matters defined in the description, such as the detailed construction and elements, are nothing but specific details provided to assist those of ordinary skill in the art in a comprehensive understanding of the invention, and the present invention is only defined within the scope of the appended claims. In the entire description of the present invention, the same drawing reference numerals are used for the same elements across various figures.
- Hereinafter, a wireless terminal apparatus and a method of protecting system resources according to exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may obscure the subject matter of the present invention.
-
FIG. 2 is a block diagram illustrating the construction of a wireless terminal apparatus according to an exemplary embodiment of the present invention. - As illustrated in
FIG. 2 , the wireless terminal apparatus according to an exemplary embodiment of the present invention includes adomain unit 100, asystem resource unit 200, acontrol unit 300, and so forth. - The
domain unit 100 is an environment in which applications are operated by corresponding operating systems (OS). Thedomain unit 100 includes first, second, andthird domains - The
first domain 110 downloads afirst application 111 that requires safety from an authenticated wireless internet server, and installs the downloadedfirst application 111. The first operating system (OS1) 112 executes thefirst application 111. Thefirst application 111 includes applications for providing services such as voice call, banking, trading, digital rights management (DRM), and so forth. - The
second domain 120 is separated from thefirst domain 110, and downloads asecond application 121, which is somewhat weak in safety and may be attacked by malware, from a general wireless internet server to install the downloadedsecond application 121. The second operating system (OS2) 122 executes thesecond application 121. Thesecond application 121 includes applications for providing services such as SMS/MMS, user APP, and so forth. - The
third domain 130 is separated from the first andsecond domains second domain 120 in order to prevent the important data information from being deleted or changed due to the execution of malware included in thesecond application 121. In order to minimize the damage to the system when the SMS/MMS including the malware is executed, thethird domain 130 only performs the data backup without executing the backup data information. - The
system resource unit 200 is composed of hardware of the wireless terminal apparatus. Thesystem resource unit 200 includes aROM 210, aCPU 220, amemory 230, abattery 240, an input/output (I/O)device 250, and so forth. Here, theROM 210 is a storage region that cannot be illegally changed by a user or system. Thememory 230 is a storage device in which wireless data information is stored, and includes a nonvolatile memory, for example, a flash memory. The memory has a plurality of storage regions in which diverse kinds of wireless data information are dividedly stored according to their kinds and security. Important data information may be encrypted and the encrypted information may be stored in a specified storage region among the storage regions. - The
control unit 300 controls the operation of thedomain unit 100 using a virtual machine monitor (VMM) so that thedomain unit 100 can access thesystem resource unit 200. In order to protect thesystem resource unit 200, thecontrol unit 300 is provided with anaccess control module 310 and anencryption module 320. - The
access control module 310 controls the operation of thesecond domain 120 that accesses thesystem resource unit 200 in order to react to the malware attack against thesystem resource unit 200. For example, in the event that the malware included in thesecond application 121 of thesecond domain 120 attacks thebattery 240 in thesystem resource unit 200, theaccess control module 310 interrupts the driving of thesecond domain 120 if the current remaining amount of battery power of the wireless terminal apparatus is below a minimum reference value for stably driving an important service. On the other hand, theaccess control module 310 gradually reduces the amount of CPU usage of thesecond domain 120 if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for thesecond domain 120 is above a maximum reference value. Here, the minimum reference value and the maximum reference value are reference values predefined during the setting of the wireless terminal apparatus. - The
encryption module 320 performs encryption and decryption of the important data information being input from the first andsecond domains system resource unit 200. For example, theencryption module 320 performs encryption, decryption, and electronic signature of the important data information using VMM in the case where the wireless terminal apparatus does not support a hardwired encryption function. - Hereinafter, with reference to
FIGS. 3 to 5 , the method of protecting the system resources for a wireless terminal apparatus according to an exemplary embodiment of the present invention will be described in detail. -
FIG. 3 is a flowchart explaining a method of processing malware attack against a battery in a wireless terminal apparatus according to an exemplary embodiment of the present invention. - As illustrated in
FIG. 3 , in the case where thebattery 240 of the wireless terminal apparatus is attacked by malware, the wireless terminal apparatus according to the present invention guarantees the availability of thebattery 240 by managing the corresponding domain. - More specifically, when the malware included in the
second application 121 of thesecond domain 120 attacks thebattery 240 of thesystem resource unit 200, the current amount of battery power used for thesecond domain 12 and the current remaining amount of battery power of the wireless terminal apparatus are calculated S101. Then, if the current remaining amount of battery power of the wireless terminal apparatus is below the minimum reference value for stably driving the important service S102, the driving of thesecond domain 120 is interrupted S103, and the malware attack against thebattery 240 is reported to the user S104. Then, if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for thesecond domain 120 is above the maximum reference value S105, the amount of CPU usage of thesecond domain 120 is kept within the maximum reference value S106 by gradually reducing the amount of CPU usage of thesecond domain 120. Here, the battery consumption is in close relation to the amount of CPU usage. -
FIG. 4 is a flowchart explaining a method of performing at least one of encryption and decryption in a wireless terminal apparatus according to an exemplary embodiment of the present invention. - As illustrated in
FIG. 4 , according to the encryption/decryption method for the wireless terminal apparatus according to the present invention, encryption/decryption of the important data information, which is input from the first andsecond domains system resource unit 200 that is composed of hardware of the wireless terminal apparatus, is performed, and thus, security is improved. - More specifically, data information for encryption, decryption, and electronic signature is input from the first and
second domains control unit 300 using VMM S204. Then, the encrypted data information is returned to therespective domains -
FIG. 5 is a flowchart explaining a method of performing SMS/MMS data backup in a wireless terminal apparatus according to an exemplary embodiment of the present invention. - As illustrated in
FIG. 5 , according to the exemplary embodiment of the present invention, the SMS/MMS message is stored as a backup in thethird domain 130 that is separated from the first andsecond domains - More specifically, the
second domain 120 receives and executes the SMS/MMS message S301, and then transmits the received SMS/MMS message to thethird domain 130, so that thethird domain 130 stores the transmitted SMS/MMS message S302. In this case, in order to minimize the damage of the system when the SMS/MMS including the malware is executed and to perform data restoration, thethird domain 130 only stores the backup data information without executing the backup data information. - As described above, the wireless terminal apparatus and the method of protecting system resources according to the exemplary embodiments of the present invention have one or more effects as follows.
- First, by separating the operating system, in which an application that requires safety and should be protected from malware attack is executed, from general applications that are weak in safety, the security of the wireless terminal apparatus may be improved.
- Second, by protecting the system resources of the wireless terminal apparatus from malware attack, for example, by preventing the battery consumption due to the malware attack, the availability of the wireless terminal apparatus may be increased.
- Third, by performing encryption/decryption of important data information of the wireless terminal apparatus, security for the important data information may be improved.
- Fourth, by performing a backup of the important data information of the operating system in which general applications are executed, the important data information is prevented from being deleted or changed due to the execution of malware included in the general applications.
- Although exemplary embodiments of the present invention have been described for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
Claims (17)
1. A wireless terminal apparatus comprising:
a domain unit having a first domain which drives a first application, and a second domain, separated from the first domain, which drives a second application;
a system resource unit; and
a control unit which controls an access operation of the domain unit that accesses the system resource unit.
2. The wireless terminal apparatus of claim 1 , wherein the first application comprises an application which provides at least one of voice call, banking, trading, and digital rights management (DRM) services.
3. The wireless terminal apparatus of claim 1 , wherein the second application comprises an application which provides a Short Message Service (SMS)/Multimedia Messaging Service (MMS) service.
4. The wireless terminal apparatus of claim 1 , wherein the system resource unit comprises at least one of a memory, a battery, and a central processing unit (CPU).
5. The wireless terminal apparatus of claim 1 , wherein the control unit controls the access operation of the domain unit using a virtual machine monitor (VMM).
6. The wireless terminal apparatus of claim 1 , wherein the control unit comprises an access control module which controls an operation of the second domain that accesses the system resource unit to react to a malware attack against the system resource unit.
7. The wireless terminal apparatus of claim 6 , wherein the access control module interrupts the driving of the second domain if a current remaining amount of battery power of the wireless terminal apparatus is below a minimum reference value for stably driving a service.
8. The wireless terminal apparatus of claim 7 , wherein the access control module gradually reduces an amount of central processing unit (CPU) usage of the second domain if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and a current amount of battery power used for the second domain is above a maximum reference value.
9. The wireless terminal apparatus of claim 1 , wherein the control unit comprises an encryption module which performs at least one of encryption and decryption of data information input to the system resource unit.
10. The wireless terminal apparatus of claim 9 , wherein the encryption module performs encryption, decryption, and electronic signature of the data information using a virtual machine monitor (VMM) if the wireless terminal apparatus does not support a hardwired encryption function.
11. The wireless terminal apparatus of claim 1 further comprising a third domain which performs a backup of data information of the second domain to prevent the data information from being deleted or changed due to an execution of malware included in the second application.
12. The wireless terminal apparatus of claim 11 , wherein the third domain only stores the backup data information without executing the backup data information.
13. A method of protecting system resources for a wireless terminal apparatus, the method comprising:
(a) calculating a current amount of battery power used for a second domain, which is separated from a first domain driving a first application, and drives a second application, and a current remaining amount of battery power of the wireless terminal apparatus;
(b) interrupting the driving of the second domain if the current remaining amount of battery power of the wireless terminal apparatus calculated at operation (a) is below a minimum reference value for stably driving a service; and
(c) gradually reducing an amount of central processing unit (CPU) usage of the second domain if the current remaining amount of battery power of the wireless terminal apparatus is above the minimum reference value and the current amount of battery power used for the second domain is above a maximum reference value.
14. The method of claim 13 further comprising (d) performing at least one of encryption decryption of the data information which is input from the first and second domains to a system resource unit of the wireless terminal apparatus.
15. The method of claim 14 , wherein operation (d) comprises:
(d1) receiving an input of data information for encryption, decryption, and electronic signature from the first and second domains;
(d2) performing an encryption operation of the data information input at operation (d1) if the wireless terminal apparatus supports a hardwired encryption function, while the control unit uses a virtual machine monitor (VMM) performing a software encryption operation if the wireless terminal apparatus does not support the hardwired encryption function; and
(d3) returning the data information encrypted at operation (d2) to the domain requesting the encrypted data information.
16. The method of claim 14 further comprising (e) the second domain storing as a backup a Short Message Service (SMS)/Multimedia Messaging Service (MMS) message in a third domain that is separated from the first and second domains to prevent the SMS/MMS message from being deleted or changed due to an execution of malware included in the SMS/MMS message.
17. The method of claim 16 , wherein operation (e) comprises:
(e1) the second domain receiving and executing the SMS/MMS message; and
(e2) transmitting the SMS/MMS message to the third domain to store the SMS/MMS message in the third domain.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/034,923 US20080276299A1 (en) | 2007-04-02 | 2008-02-21 | Wireless terminal apparatus and method of protecting system resources |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US90741907P | 2007-04-02 | 2007-04-02 | |
KR1020070107421A KR101506254B1 (en) | 2007-04-02 | 2007-10-24 | Wireless telephone apparatus and method for protecting system resources |
KR10-2007-0107421 | 2007-10-24 | ||
US12/034,923 US20080276299A1 (en) | 2007-04-02 | 2008-02-21 | Wireless terminal apparatus and method of protecting system resources |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080276299A1 true US20080276299A1 (en) | 2008-11-06 |
Family
ID=39855205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/034,923 Abandoned US20080276299A1 (en) | 2007-04-02 | 2008-02-21 | Wireless terminal apparatus and method of protecting system resources |
Country Status (3)
Country | Link |
---|---|
US (1) | US20080276299A1 (en) |
EP (1) | EP1998575B1 (en) |
JP (1) | JP2008257715A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130125125A1 (en) * | 2010-07-21 | 2013-05-16 | Shuichi Karino | Computer system and offloading method in computer system |
US20130247048A1 (en) * | 2010-11-30 | 2013-09-19 | France Telecom | Method of operating a communication device and related communication device |
US20150347262A1 (en) * | 2014-05-30 | 2015-12-03 | Apple Inc. | Performance management based on resource consumption |
US9471378B2 (en) | 2012-05-31 | 2016-10-18 | Apple Inc. | Adaptive resource management of a data processing system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130097203A1 (en) * | 2011-10-12 | 2013-04-18 | Mcafee, Inc. | System and method for providing threshold levels on privileged resource usage in a mobile network environment |
Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020083110A1 (en) * | 2000-12-27 | 2002-06-27 | Michael Kozuch | Mechanism for providing power management through virtualization |
US20030107512A1 (en) * | 2001-12-06 | 2003-06-12 | Mcfarland William | Radar detection and dynamic frequency selection for wireless local area networks |
US20030126184A1 (en) * | 2001-12-06 | 2003-07-03 | Mark Austin | Computer apparatus, terminal server apparatus & performance management methods therefor |
US20050193101A1 (en) * | 2004-03-01 | 2005-09-01 | Oliver Mitchell B. | Execution of unverified programs in a wireless, device operating environment |
US20050223220A1 (en) * | 2004-03-31 | 2005-10-06 | Campbell Randolph L | Secure virtual machine monitor to tear down a secure execution environment |
US20050268078A1 (en) * | 2004-05-12 | 2005-12-01 | Zimmer Vincent J | Distributed advanced power management |
US20060022161A1 (en) * | 2004-07-29 | 2006-02-02 | Denso Corporation | Fuel injection valve having small sized structure |
US20060177061A1 (en) * | 2004-10-25 | 2006-08-10 | Orsini Rick L | Secure data parser method and system |
US7093086B1 (en) * | 2002-03-28 | 2006-08-15 | Veritas Operating Corporation | Disaster recovery and backup using virtual machines |
US20070004468A1 (en) * | 2005-06-30 | 2007-01-04 | Nokia Corporation | System and method for controlling energy usage in mobile applications |
US20070005919A1 (en) * | 2005-07-01 | 2007-01-04 | Red Hat, Inc. | Computer system protection based on virtualization |
US20070168690A1 (en) * | 2005-11-18 | 2007-07-19 | Ross Alan D | Highly available computing platform |
US20070192641A1 (en) * | 2006-02-10 | 2007-08-16 | Intel Corporation | Method and apparatus to manage power consumption in a computer |
US20070208918A1 (en) * | 2006-03-01 | 2007-09-06 | Kenneth Harbin | Method and apparatus for providing virtual machine backup |
US20080028076A1 (en) * | 2006-07-26 | 2008-01-31 | Diwaker Gupta | Systems and methods for controlling resource usage by a driver domain on behalf of a virtual machine |
US20080276111A1 (en) * | 2004-09-03 | 2008-11-06 | Jacoby Grant A | Detecting Software Attacks By Monitoring Electric Power Consumption Patterns |
US7784098B1 (en) * | 2005-07-14 | 2010-08-24 | Trend Micro, Inc. | Snapshot and restore technique for computer system recovery |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101006433B (en) * | 2004-08-25 | 2012-01-11 | 日本电气株式会社 | Information communication device, and program execution environment control method |
-
2008
- 2008-02-21 US US12/034,923 patent/US20080276299A1/en not_active Abandoned
- 2008-03-26 EP EP08153295.4A patent/EP1998575B1/en not_active Expired - Fee Related
- 2008-03-27 JP JP2008084011A patent/JP2008257715A/en active Pending
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020083110A1 (en) * | 2000-12-27 | 2002-06-27 | Michael Kozuch | Mechanism for providing power management through virtualization |
US20030107512A1 (en) * | 2001-12-06 | 2003-06-12 | Mcfarland William | Radar detection and dynamic frequency selection for wireless local area networks |
US20030126184A1 (en) * | 2001-12-06 | 2003-07-03 | Mark Austin | Computer apparatus, terminal server apparatus & performance management methods therefor |
US7093086B1 (en) * | 2002-03-28 | 2006-08-15 | Veritas Operating Corporation | Disaster recovery and backup using virtual machines |
US20050193101A1 (en) * | 2004-03-01 | 2005-09-01 | Oliver Mitchell B. | Execution of unverified programs in a wireless, device operating environment |
US20050223220A1 (en) * | 2004-03-31 | 2005-10-06 | Campbell Randolph L | Secure virtual machine monitor to tear down a secure execution environment |
US20050268078A1 (en) * | 2004-05-12 | 2005-12-01 | Zimmer Vincent J | Distributed advanced power management |
US20060022161A1 (en) * | 2004-07-29 | 2006-02-02 | Denso Corporation | Fuel injection valve having small sized structure |
US20080276111A1 (en) * | 2004-09-03 | 2008-11-06 | Jacoby Grant A | Detecting Software Attacks By Monitoring Electric Power Consumption Patterns |
US20060177061A1 (en) * | 2004-10-25 | 2006-08-10 | Orsini Rick L | Secure data parser method and system |
US20070004468A1 (en) * | 2005-06-30 | 2007-01-04 | Nokia Corporation | System and method for controlling energy usage in mobile applications |
US7440751B2 (en) * | 2005-06-30 | 2008-10-21 | Nokia Corporation | System and method for controlling energy usage in mobile applications |
US20070005919A1 (en) * | 2005-07-01 | 2007-01-04 | Red Hat, Inc. | Computer system protection based on virtualization |
US7784098B1 (en) * | 2005-07-14 | 2010-08-24 | Trend Micro, Inc. | Snapshot and restore technique for computer system recovery |
US20070168690A1 (en) * | 2005-11-18 | 2007-07-19 | Ross Alan D | Highly available computing platform |
US20070192641A1 (en) * | 2006-02-10 | 2007-08-16 | Intel Corporation | Method and apparatus to manage power consumption in a computer |
US20070208918A1 (en) * | 2006-03-01 | 2007-09-06 | Kenneth Harbin | Method and apparatus for providing virtual machine backup |
US20080028076A1 (en) * | 2006-07-26 | 2008-01-31 | Diwaker Gupta | Systems and methods for controlling resource usage by a driver domain on behalf of a virtual machine |
Non-Patent Citations (3)
Title |
---|
(Adams, K.) A comparison of software and hardware techniques for x86 virtualization. ASPLOS'06, ACM. October 2006. * |
Barham et al. (2003). Xen and the art of virtualization. ACM. Retrieved 08/27/2012 from http://www.cl.cam.ac.uk/research/srg/netos/papers/2003-xensosp.pdf * |
Sailer et al. (2005). sHype:Secure hypervisor approach to trusted virtualized systems. IBM Research Report. Retrieved 08/27/2012 from http://domino.watson.ibm.com/library/cyberdig.nsf/papers/265C8E3A6F95CA8D85256FA1005CBF0F/$File/rc23511.pdf. * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130125125A1 (en) * | 2010-07-21 | 2013-05-16 | Shuichi Karino | Computer system and offloading method in computer system |
US10353722B2 (en) * | 2010-07-21 | 2019-07-16 | Nec Corporation | System and method of offloading cryptography processing from a virtual machine to a management module |
US20130247048A1 (en) * | 2010-11-30 | 2013-09-19 | France Telecom | Method of operating a communication device and related communication device |
US10481950B2 (en) | 2010-11-30 | 2019-11-19 | Orange | Method of operating features of a communication device and related communication device via mappings of features with corresponding virtual machines and hardware components |
US9471378B2 (en) | 2012-05-31 | 2016-10-18 | Apple Inc. | Adaptive resource management of a data processing system |
US20150347262A1 (en) * | 2014-05-30 | 2015-12-03 | Apple Inc. | Performance management based on resource consumption |
US9690685B2 (en) * | 2014-05-30 | 2017-06-27 | Apple Inc. | Performance management based on resource consumption |
Also Published As
Publication number | Publication date |
---|---|
JP2008257715A (en) | 2008-10-23 |
EP1998575A2 (en) | 2008-12-03 |
EP1998575A3 (en) | 2010-11-24 |
EP1998575B1 (en) | 2016-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100823374B1 (en) | Sleep protection | |
US7313705B2 (en) | Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory | |
US8291480B2 (en) | Trusting an unverified code image in a computing device | |
EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
US20120137364A1 (en) | Remote attestation of a mobile device | |
US20200104528A1 (en) | Data processing method, device and system | |
US10867049B2 (en) | Dynamic security module terminal device and method of operating same | |
US8650639B2 (en) | System and method for hindering a cold boot attack | |
EP3494482B1 (en) | Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor | |
JP5727545B2 (en) | Wireless terminal device and system protection method | |
US20170168902A1 (en) | Processor state integrity protection using hash verification | |
US20080276299A1 (en) | Wireless terminal apparatus and method of protecting system resources | |
CA2754230C (en) | System and method for hindering a cold boot attack | |
US9990493B2 (en) | Data processing system security device and security method | |
KR101953444B1 (en) | Software security method based on virtualization technologies to ensure the security level equivalent to hardware and system using the same | |
CN110362983B (en) | Method and device for ensuring consistency of dual-domain system and electronic equipment | |
US9218484B2 (en) | Control method and information processing apparatus | |
CN106355085B (en) | Trusted application operation safety control method | |
CN113312629A (en) | Safe operating system based on android operating system | |
Burmester | Trusted clouds |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LEE, SUNG-MIN;MO, SANG-DOK;JEONG, BOK-DEUK;REEL/FRAME:020542/0619 Effective date: 20080128 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |